    if (null == request.getParameter(Constants.TOKEN_KEY)) {
        saveToken(request);
    } else {
        if (!isTokenValid(request, true)) {
            response.sendError(HttpServletResponse.SC_CONFLICT,
                "The request received was out of sequence, perhaps due to a second submit, refresh, or unexpected post data.");
            return null;
        }
    }

I have this code in my execute method. The request won't have a token unless it is a form submission. Therefore, I think I can safely get away with this code. Is this true?

I believe using tokens is the preferred way to handle duplicate form submits. However, I'm not clear on the best way to do this.

Thanks,
Derrick
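
For comparison with the snippet in the post, where a request that carries no token parameter takes the `saveToken` branch and is never validated, here is the same Struts 1 token API split across two actions so that the submit path always validates. This is an added example, not code from the original post; the class names `TokenActions`, `ShowForm` and `Submit` and the forward names `"form"` and `"success"` are assumptions.

```java
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts.action.Action;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;

// Added illustration; class and forward names are hypothetical.
// Nested public static classes keep both actions in one compilable file.
public class TokenActions {

    // Mapped to the URL that only displays the form.
    public static class ShowForm extends Action {
        public ActionForward execute(ActionMapping mapping, ActionForm form,
                HttpServletRequest request, HttpServletResponse response)
                throws Exception {
            // Store a fresh token in the session. The <html:form> tag on the
            // JSP then writes it into the page as a hidden field.
            saveToken(request);
            return mapping.findForward("form");
        }
    }

    // Mapped to the URL the form posts to.
    public static class Submit extends Action {
        public ActionForward execute(ActionMapping mapping, ActionForm form,
                HttpServletRequest request, HttpServletResponse response)
                throws Exception {
            // Validate unconditionally. isTokenValid returns false when the
            // request has no token parameter or the session has no saved
            // token, so omitting the parameter cannot skip the check.
            // Passing true resets the token, so a resubmit also fails.
            if (!isTokenValid(request, true)) {
                response.sendError(HttpServletResponse.SC_CONFLICT,
                        "The request received was out of sequence.");
                return null;
            }
            // ... perform the state-changing work exactly once here ...
            return mapping.findForward("success");
        }
    }
}
```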